Monday, September 01, 2014

Learning SDR

I recently launched Software Defined Radio with HackRF, an instructional video series that I hope will make it easier than ever for people to learn the basics of Software Defined Radio (SDR).

When I first learned to use SDR for my wireless security research, it was hard. At first I thought, "I can build radios out of software! I don't know anything about building radios, but I know software. Now with SDR I can build radios!" Unfortunately that wasn't quite true. I quickly learned that, even though I knew a thing or two about software, I knew nothing about Digital Signal Processing (DSP). I also learned that DSP is a lot more complicated than it seemed at first.

Fortunately I happened to be in the best possible place to learn SDR (electronics too) at the time. I was surrounded by RF engineers, and several of them were DSP experts. (I told this story in more detail during a panel discussion at the DEF CON 22 Wireless Village.) Even so, it took me a year or two before I was competent enough to build flexible SDR implementations that were useful for my research. As I finally achieved this goal, I started trying to help other people in the information security community learn to use the technology because I could see that there is no better tool for wireless security research, and especially for reverse engineering of radio signals, than SDR.

The first place I tried to do this was at Black Hat USA 2008. In my talk, Software Radio and the Future of Wireless Security, I hoped to teach people the basics of SDR in less than an hour. I thought I could do something like "DSP in five minutes", but, as I developed the presentation, it turned out that I couldn't distill the essentials into such a small amount of time. The following year, Dominic Spill and I volunteered to give a two-day SDR workshop at the first ToorCamp. We prepared some material, borrowed a little gear, and set out to teach people the practical skills of working with SDR. This effort was much better, but we had some problems. We only had enough equipment for three to six people, and about thirty showed up. We were in a hot desert full of volcanic ash that invaded all our gear. We had frequent power outages. Despite these challenges, we had a good time, and several people were able to learn some essential skills.

A few weeks later at DEF CON, Sergey Bratus convinced me to make a second attempt at the class in a more favorable setting. We happened to have the conversation while standing next to H1kari who offered a room at ToorCon San Diego, and I've been teaching there every year since then. I think we had five or six people that first year. It went quite well, but it was a challenge getting enough hardware together to allow everyone to fully participate. As the years went by, it became clear that the greatest barrier to entry was the hardware. My classes grew slowly, but they were attended primarily by people who already had SDR equipment. I was accomplishing my goal of teaching security folks about SDR, but I wasn't reaching very many people.

I had been kicking around the idea of trying to build a low cost SDR hardware platform for a long time. In fact, Project Ubertooth was originally intended to be an SDR platform. One of the primary reasons I was interested in building an SDR platform was to be able to provide something that my students could afford, something that could even be rolled into the cost of the class. It took a long time, but I eventually started the HackRF project and later completed HackRF One, an open source hardware platform for SDR. HackRF One is the most affordable general-purpose SDR transceiver in the world, and it allows more people than ever before to learn SDR.

These days I still teach at ToorCon, and I also often teach at other information security events including TROOPERS and Black Hat. The availability of HackRF (and rtl-sdr and more) has made SDR accessible to everyone in the security community and beyond. It is finally possible to bring SDR to a much wider audience, so I have started turning my course content into an online video series.

Software Defined Radio with HackRF is published under an open content license. As I continue to add more videos, I hope that it will become an even more thorough introduction to SDR than I am able to squeeze into a two-day class. I hope that with this series and my in-person training, I have finally achieved my dream of making SDR easy to learn. Instead of taking a year, now people can spend a few days of fun experimentation and get started with this exciting technology.

Today I watched your first GNU Radio tutorial. I built up the FM radio as shown in GRC. Because I'm waiting for my HackRF from the German sales point I use an RTL SDR. I'm running GNU Radio on a Kali Linux USB stick OS. In GNU Radio everything is working, but I don't get any audio and I have the feeling GNU Radio just shows me the center frequency; FFT shows no other signal peaks.

I set the sample rate to 1M, because at higher levels I had a lot of overflow.

Mike, this series is terrific. As a now software/firmware engineer/manager who studied DSP in college, this helps to dust off some of the rust and makes very clear some of the fundamental concepts. You are a talented educator (and hardware designer) and it would have been so much easier to understand and visualize this field if anything like this series and hardware was available back in those days (mid 80's). Back then we had our college Prime computer and timeshare account with form feed bins. Am looking forward to the whole series. Do you have any outline yet to share as to what you are planning to cover? P.S. burst out laughing when you alluded to a need for 'the talk' when showing the sample type choices, concerning "complex" choice. Just ordered a HACK RF device, which is naturally on backorder already.

I can't thank you enough for your Learning SDR videos. Every one is a gold mine. Please continue to give exercises and suggested reading. I finished "Practical Signal Processing" by Mark Owen this week. The HackRF One is great. As soon as I get through the learning curve of GNU Radio I'm going to buy another. - W5TSU

The educational quality of the lectures in this series is really really excellent. Many sites on the Internet talk about SDR, but none give a clear understanding of things from basic concepts to practical things.

Michael is an awesome teacher. The lessons are extremely clear and helpful. After I started watching these lessons, I couldn't stop going on, and can't wait for more. Please, please, keep it coming.

Hello Mike: This is Flora from Seeedstudio. I emailed you on 16th Dec about developing a business relationship with you.

Our company has great interest in your HackRF and would like to feature your product on our platform www.seeedstudio.com. If you have any interest in teaming up with us, please contact me: flora.tao@seeed.cc

Mike, I'm amazed at what you've accomplished with HackRF One. Many have aspired to build a low-cost programmable platform, some have shipped alphas and betas, but no others have followed through with a plan to obtain funding and enter mass production. You're a brilliant example of the modern agile entrepreneur!

I'd like to buy a HackRF but they're out of stock everywhere. What can you tell us about the production process and lead times?

Hello, I really love what you do on SDR, I really need your, I am going to work on a project to generate GPS signals using software radio HackRF. Sorry to be long, my questions:

- How generating a GPS signal with BPSK modulation and data?
- How to then put attenuators to reduce the power (around -130dBm) and connect to a GPS receiver
- The idea is to see the receiver acquire the GPS signal, and see the signal to noise ratio measured by the receiver
- Thereafter, introduce 3 or 4 other GPS signals and the receiver view the position of the receiver calculated

Thanks

I admire the valuable information you offer in your articles. I will bookmark your blog and have my children check up here often. I am quite sure they will learn lots of new stuff here than anybody else!

Just finished lesson 11 - brilliant stuff!!! In earlier lessons, you promised a "future" episode covering the hardware, but so far that didn't come!?

Could you perhaps do a hardware lesson, or, link to something you've already recorded that goes over the hardware perhaps?

The main things I cannot comprehend so far: what the heck *is* a radio signal? How does the I and Q get recorded ? (the hardware makes 2 readings next to one another, right?). In my mind, I visualise an antenna as a tube full of marbles (electrons?); if you accelerate them, they make "ripples" in a 3-dimensional imaginary "pool" - wobble them back and forth to create radio - is that a sensible way to think of these things?

How can the HackRF One do "gigahertz" anything, when its maximum sample rate is only in megahertz?